Login Credentials Sent In Clear Text

Description

During the scan, Kayran managed to find that the Login Credentials are being Sent In Clear Text.
This vulnerability is caused when a user’s credentials are transmitted unencrypted. The credentials must be transmitted via HTTPS in order to prevent malicious users from intercepting this information.

Attackers could intercept, stealing the information using a MITM (Man-in-the-middle) attack to retrieve the credentials that are being sent in Clear text. The software transmits sensitive or security-critical data in clear text in a communication channel. That can be sniffed by unauthorized actors.

Recommendation

To prevent this vulnerability, make sure that the site transmits to the server by using trusted and encrypted connections (HTTPS).

References

https://cwe.mitre.org/data/definitions/319.html

< Return to all Vulnerabilities

What is a CWE ?

Similar to the article written on CVEs, in this article we will answer the questions :What is CWE ? and, what is the difference between

Read More »

Explaining API

We’ve talked about API’s Vulnerability in here, but i feel like there’s much more to talk about and explain since this is a big and

Read More »

APT vs. ATP

In this article we will talk about APT vs. ATP. In other words, Advanced Persistent Threat and Advanced Threat Protection and the context between these

Read More »